source: http://www.securityfocus.com/bid/12482/info
PHP-Fusion is reportedly affected by an information disclosure vulnerability. This issue is due to the application failing to properly sanitize user-supplied input.
It is reported that an attacker could leverage this vulnerability to view any thread of protected forums on an affected version of the application. All PHP-Fusion 4 versions are reportedly affected by this vulnerability; earlier versions may also be vulnerable.
http://www.example.com/fusion_forum/viewthread.php?forum_id=10000&forum_cat=100000&thread_id=2